The Hacker News — Cyber Security, Hacking, Technology News

A zero-day vulnerability has been discovered in the desktop version for end-to-end encrypted Telegram messaging app that was being exploited in the wild in order to spread malware that mines cryptocurrencies such as Monero and ZCash.

The Telegram vulnerability was uncovered by security researcher Alexey Firsh from Kaspersky Lab last October and affects only the Windows client of Telegram messaging software.

The flaw has actively been exploited in the wild since at least March 2017 by attackers who tricked victims into downloading malicious software onto their PCs that used their CPU power to mine cryptocurrencies or serve as a backdoor for attackers to remotely control the affected machine, according to a blogpost on Securelist.

Here's How Telegram Vulnerability Works

The vulnerability resides in the way Telegram Windows client handles the RLO (right-to-left override) Unicode character (U+202E), which is used for coding languages that are written from right to left, like Arabic or Hebrew.

According to Kaspersky Lab, the malware creators used a hidden RLO Unicode character in the file name that reversed the order of the characters, thus renaming the file itself, and send it to Telegram users.

For example, when an attacker sends a file named "photo_high_re*U+202E*gnp.js" in a message to a Telegram user, the file's name rendered on the users' screen flipping the last part.

Therefore, the Telegram user will see an incoming PNG image file (as shown in the below image) instead of a JavaScript file, misleading into downloading malicious files disguised as the image.

"As a result, users downloaded hidden malware which was then installed on their computers," Kaspersky says in its press release published today.

Kaspersky Lab reported the vulnerability to Telegram and the company has since patched the vulnerability in its products, as the Russian security firm said: "at the time of publication, the zero-day flaw has not since been observed in messenger's products."

Hackers Used Telegram to Infect PCs with Cryptocurrency Miners

During the analysis, Kaspersky researchers found several scenarios of zero-day exploitation in the wild by threat actors. Primarily, the flaw was actively exploited to deliver cryptocurrency mining malware, which uses the victim's PC computing power to mine different types of cryptocurrency including Monero, Zcash, Fantomcoin, and others.

While analyzing the servers of malicious actors, the researchers also found archives containing a Telegram's local cache that had been stolen from victims.

In another case, cybercriminals successfully exploited the vulnerability to install a backdoor trojan that used the Telegram API as a command and control protocol, allowing hackers to gain remote access to the victim’s computer.

"After installation, it started to operate in a silent mode, which allowed the threat actor to remain unnoticed in the network and execute different commands including the further installation of spyware tools," the firm added.

Firsh believes the zero-day vulnerability was exploited only by Russian cybercriminals, as "all the exploitation cases that [the researchers] detected occurring in Russia," and a lot of artifacts pointed towards Russian cybercriminals.

The best way to protect yourself from such attacks is not to download or open files from unknown or untrusted sources.

The security firm also recommended users to avoid sharing any sensitive personal information in messaging apps and make sure to have a good antivirus software from reliable company installed on your systems.

After being threatened with a ban in Russia, end-to-end encrypted Telegram messaging app has finally agreed to register with new Russian Data Protection Laws, but its founder has assured that the company will not comply to share users' confidential data at any cost.

Russia's communications watchdog Roskomnadzor had recently threatened to block Telegram if the service did not hand over information required to put the app on an official government list of information distributors.

The Russian government requirement came following terrorists' suicide bombings that killed 15 people in Saint Petersburg in April in which terrorists allegedly used the Telegram's app to communicate and plot attacks.

"There is one demand, and it is simple: to fill in a form with information on the company that controls Telegram," said Alexander Zharov, head of Roskomnadzor.

"And to officially send it to Roskomnadzor to include this data in the registry of organizers of dissemination of information. In case of refusal… Telegram shall be blocked in Russia until we receive the needed information."

Telegram CEO Pavel Durov refused to comply with the country's requirements because he feared that it would weaken the privacy of its over 6 Million Russian users.

Telegram: No Confidential Data of Users will be Shared

However, after facing pressure from the government, Durov agreed on Wednesday to just register with the Russian government, but the company wouldn't store citizens' information on the Russian servers.

The Russian Federal Service for Supervision Of Communications, Information Technology and Mass Media (Roskomnadzor) announced on Wednesday that Telegram had finally presented all the requirements.

Roskomnadzor is a federal executive body in Russia responsible for overseeing the media, including the electronic media, mass communications, information technology and telecommunications; organizing the work of the radio-frequency service; and overseeing compliance with the law protecting the confidentiality of its users' personal data.

Durov announced his decision via VK.com, the Russian version of Facebook, adding that while he's happy for Telegram to be formally registered in Russia, anything that violates users' privacy will not be served — only basic information about the company will be shared.

"We will not comply with unconstitutional and technically impossible Yarovaya Package laws—as well as with other laws incompatible with the protection of privacy and Telegram's privacy policy," Durov said.

Telegram is an end-to-end encrypted messaging app, but unlike WhatsApp, Telegram does not offer the end-to-end messaging feature to its users by default. Rather users need to open encrypted chats to communicate securely.

How to Communicate Securely with Telegram

If you are communicating with people on Telegram thinking that your chats are end-to-end encrypted by default, you are mistaken.

So, always make sure that you communicate with people on Telegram using its encrypted chat feature. Here's how to start an end-to-end encrypted chat on Telegram:

Open Telegram app

Select the contact you want to communicate

Click on his/her name

Select 'Start Secret Chat' (highlighted in green color)

A new, secure chat window will open, where you can communicate securely.

You can also enable other security features offered by Telegram.

These features include Two-Step Verificationthat allows you to set up an additional passcode for your Telegram account, which is also required to log into your account and Self-Destruct Secret Chats that lets you self-destruct your messages after a specified time (between 1 second and 1 week), leaving no trace on Telegram servers.

Russia has threatened to ban Telegram end-to-end encrypted messaging app, after Pavel Durov, its founder, refused to sign up to the country's new data protection laws.

Russian intelligence service, the FSB, said on Monday that the terrorists that killed 15 people in Saint Petersburg in April had used the Telegram encrypted messaging service to plot their attacks.

According to the new Russian Data Protection Laws, as of January 1, all foreign tech companies have been required to store the past six months' of the personal data of its citizens and encryption keys within the country; which the company has to share with the authorities on demand.

"There is one demand, and it is simple: to fill in a form with information on the company that controls Telegram," Alexander Zharov said, head of communications regulator Roskomnadzor (state communications watchdog).

"And to officially send it to Roskomnadzor to include this data in the registry of organizers of dissemination of information. In case of refusal… Telegram shall be blocked in Russia until we receive the needed information."

Russian wants Telegram to share its users' chats and crypto keys if asked, as the encrypted messaging app has become widely popular among terrorists that operate inside Russia.

Founder Pavel Durov said on Twitter that the Intelligence agencies have pressured the company to weaken its encryption or install a backdoor.

So far, Telegram has refused to comply with the requirements in order to protect the privacy of its more than 6 million plus Russian users.

In November last year, LinkedIn, the world's largest online professional network, was also banned in Russia for not complying with the country's data protection laws.

Joining the line with rival chat apps WhatsApp, Viber, Facebook Messenger, and Signal, the Telegram instant messaging service has finally rolled out a much-awaited feature for the new beta versions of its Android app: Voice Calling.

And what's interesting?Your calls will be secured by Emojis, and quality will be better using Artificial Intelligence.

No doubt the company brought the audio calling feature quite late, but it's likely because of its focus on security — the voice calls on Telegram are by default based on the same end-to-end encryption methods as its Secret Chat mode to help users make secure calls.

Unlike Signal or WhatsApp, Telegram does not support end-to-end encryption by default; instead, it offers a 'Secret Chat' mode, which users have to enable manually, to completely secure their chats from prying eyes.

However, the voice calling feature in Telegram supports end-to-end encryption by default, enabling users to secure their chats in a way that no one, not even Telegram or law enforcement, can intercept your calls.

Emoji-Based Secure Key Exchange Mechanism

Telegram features an interesting key exchange mechanism to authenticate users and make sure their calls are even more secure: Users are required just to compare four emoji.

While making a call, you will see four emoji on your mobile screen and so the recipient. If the emoji on your screen match the recipient's, your connection is secure!

"The key verification UI we came up with in 2013 to protect against man-in-the-middle attacks served well for Telegram (and for other apps that adopted it), but for Calls, we needed something easier," Telegram said in a blog post published Thursday.

"That's why we've improved the key exchange mechanism. To make sure your call is 100% secure, you and your recipient just need to compare four emoji over the phone. No lengthy codes or complicated pictures!"

Voice Calls — Encrypted, Super-Fast and AI-Powered

What's more? Telegram ensures its users that the audio quality of the voice calls has kept as high as possible by using a peer-to-peer connection, the best audio codecs, and Artificial Intelligence.

Developers say that audio quality of the call is "superior to any of our competitors" by including an AI neural network.

So, each time you make a Voice Call, your Telegram app's AI neural network will optimize dozens of parameters based on technical information of your device and network such as network speed, ping times, packet loss percentage, to adjust the quality of your call and improve future calls on the given device and network.

"These parameters can also be adjusted during a conversation if there's a change in your connection," the company states. "Telegram will adapt and provide excellent sound quality on stable WiFi — or use less data when you walk into a refrigerator with bad reception."

Note: AI doesn't have access to the contents of the conversation, so your calls are completely secure.

Telegram Offer Complete Control & Video Compression

Unlike WhatsApp and Facebook, Telegram lets you control "who can and who can't call you with granular precision."

If you don't want anyone bothering you, you can simply switch voice calls off altogether, blocking anyone and even everyone from calling you.

Telegram also offers users direct control over the quality of videos they shared over the platform. You can adjust the compression and see the quality of the video before sending it to your friends.

You can also set the video compression rate as the default setting for all your future video uploads.

Telegram version 3.18 which includes new features, such as Voice Calling, is free to download for iPhone on the App Store and Android phone on the Google Play Store.

Next time when someone sends you a photo of a cute cat or a hot chick on WhatsApp or Telegram then be careful before you click on the image to view — it might hack your account within seconds.

A new security vulnerability has recently been patched by two popular end-to-end encrypted messaging services — WhatsApp and Telegram — that could have allowed hackers to completely take over user account just by having a user simply click on a picture.

The hack only affected the browser-based versions of WhatsApp and Telegram, so users relying on the mobile apps are not vulnerable to the attack.

According to Checkpoint security researchers, the vulnerability resided in the way both messaging services process images and multimedia files without verifying that they might have hidden malicious code inside.

For exploiting the flaw, all an attacker needed to do was sending the malicious code hidden within an innocent-looking image. Once the victim clicked on the picture, the attacker could have gained full access to the victim’s WhatsApp or Telegram storage data.

This eventually allowed attackers to take full access to the user's account on any browser, view and manipulate chat sessions, access victim's personal and group chats, photos, videos, audios, other shared files and contact lists as well.

To make this attack widespread, the attacker can then send the malware-laden image to everyone on the victim's contact list, which could, eventually, mean that one hijacked account could be led to countless compromises by leapfrogging accounts.

Video Demonstration

The researchers also provided a video demonstration, given below which shows the attack in action.

Here's Why This Vulnerability Went Undetected:

Both WhatsApp and Telegram use end-to-end encryption for its messages to ensure that nobody, except the sender and the receiver, can read the messages in between.

However, this same end-to-end encryption security measure was also the source of this vulnerability.

Since the messages were encrypted on the side of the sender, WhatsApp and Telegram had no idea or a way of knowing, that malicious code was being sent to the receiver, and thus were unable to prevent the content from being running.

"Since messages were encrypted without being validated first, WhatsApp and Telegram were blind to the content, thus making them unable to prevent malicious content from being sent," the researchers writes in a blog post.

WhatsApp fixed the flaw within 24 hours on Thursday, March 8, while Telegram patched the issue on Monday.

Since the fixes have been applied on the server end, users don't have to update any app to protect themselves from the attack; instead, they just need a browser restart.

"It's a big vulnerability in a significant service," said Oded Vanunu, head of product vulnerability research at Check Point. "Thankfully, WhatsApp and Telegram responded quickly and responsibly to deploy the mitigation against exploitation of this issue in all web clients."

WhatsApp did not notice any abuse of the vulnerability, while Telegram claimed the flaw was less severe than WhatsApp, as it required the victim to right click on the image content and then open it in a new window or tab for the malicious code to run and exploit its users.

After fixing this flaw, content on the web versions of both WhatsApp and Telegram will now be validated before the end-to-end encryption comes into play, allowing malicious files to be blocked.

We have heard a lot about data breaches nowadays. And if you think that switching to an encrypted messaging service may secure you and your data, then you may be wrong.

No good deed today can help you protect yourself completely.

Reuters and several media outlets are reporting that the phone numbers of 15 Million users in Iran and more than a dozen accounts on the Telegram instant messaging service have been compromised by Iranian hackers exploiting an SMS text message flaw.

Telegram is a messaging app "with a focus on security" that promotes itself as an ultra secure instant messaging system as all data is end-to-end encrypted. The service claims to have 100 Million active subscribers.

According to research conducted by two security researchers, Collin Anderson and Claudio Guarnieri, this attack has threatened the communications of activists, journalists and other people in Iran, where around 20 Million people use Telegram.

However, you don't need to panic much, because 'SMS Interception' is not a Telegram's vulnerability. Such attack can be used against any messaging app, like Whatsapp and Viber, whose registration is based upon SMS-based verification mechanism.

Not Just Telegram, Other Secure Messaging Apps Also Hackable:

For those who aren't familiar, the SMS-based verification process is being deployed by the services to send authorization codes to its users via text messages, in Telegram case, to activate the same account on new devices.

But, these authorization codes provided in the SMS can be intercepted by state-owned phone companies or any malicious hacker with advanced skills and access to sufficient resources.

With the help of these codes, hackers could covertly add new devices, in the case of Telegram that allows users to log their account on multiple devices, to a target's Telegram account and snoop on messages, though end-to-end encrypted chats aren't accessible across devices.

This is how the standard SMS-based verification works, so one can not blame Telegram or particular service that is using this mechanism.

"As for the reports that several accounts were accessed earlier this year by intercepting SMS-verification codes, this is hardly a new threat as we've been increasingly warning our users in certain countries about it." Telegram says.

3 Telegram Security Features You Might Not Know About. Turn Them ON!

While other encrypted services do not offer any security mechanism to combat such hacking and surveillance attempts by hackers and government, Telegram provides some security features that are less known but are important to implement.

1. Monitor Telegram Active Sessions

Unlike WhatsApp and other messaging apps, Telegram allows you to sync your single account to multiple devices like your mobile, tablet and desktop.

Every sign-in creates an Active Session that can be viewed through Privacy and Security settings, showing all your logged in devices with IP addresses.

Telegram also gives you an option to remotely stop any session that you no longer need or find suspicious.

2. Enable Telegram's Two-Step Verification Password(Important)

Another great feature Telegram developers added is two-step verification that allows you to set up an additional password for your Telegram account, which is a must to log into your account.

This feature prevents you from the recent SMS text message attacks, as that additional password is required for an attacker to log into your account.

So, if you think that your mobile carrier or state-sponsored hacker is intercepting your SMS codes, the best solution is to use 2-Step Verification to protect your Telegram account with a password.

If you do that, there's nothing an attacker, even with your authentication code, can do.

3. Use Self-Destruct Secret Chats

Recently introduced in Facebook Messenger, Telegram also offers Self-Destruct Secret Chats that allows you to self-destruct your messages after a specified time (from 1 second to 1 week), leaving no trace on Telegram servers, unlike the regular chat method.

Last year, Iran blocked Telegram and many other social networks after their founders refused to help Iranian authorities to spy on their citizens.

Now it looks like Iranian government wants tighter controls on all foreign messaging and social media apps operating in the country that will give the authorities a wider ability to monitor and censor its people.

All foreign messaging and social media apps operating in Iran have one year to move 'data and activity' associated with Iranian citizens onto servers in Iran, Reuters reported.

In order to comply with the new regulations, the companies would need to set up data centers in Iran within one year, but apps may lose a larger number of users by moving data onto Iranian servers.

However, transferring data to Iran servers might not be enough, as some of the most popular messaging services like WhatsApp, Apple iMessage, and Telegram are offering end-to-end encrypted communication i.e. nobody in between, not even WhatsApp can read the content of your messages.

Just two weeks back Iranian authorities arrested eight women with involvement in online “un-Islamic” modeling photographs without wearing the compulsory headscarf, and their Instagram page has been shut down, along with Facebook pages and business websites.

"Telegram's data centres are to be moved inside the country so they can delete what they want and arrest who they want," @Mehrdxd said in a tweet.

Clickjacking Vulnerability in Telegram Web Client

The official Telegram web-client that allows its users to access messenger account over desktop’s web browser is vulnerable to clickjacking web application vulnerability.

Egyptian security researcher Mohamed A. Baset told The Hacker News about a flaw in Telegram that could allow an attacker to change sensitive information of a Telegram user, including password and the recovery e-mail. [Watch Video Demo]

"Telegram web client is not protecting itself from clickjacking with the typical X-Frame-Options header but uses a JS frame busting technique to prevent the website to be iframed," Mohamed says.

However, by exploiting one of HTML5 Features, Mohamed was able to open the Telegram account’s settings page with a sandboxed iframe to prevent redirecting to top window, which also allows him to execute cross-site request forgery (csrf) vulnerability on the web-client.

"I sent [bug report] it to them [Telegram team] but haven't got any reply or even an automated one (4 days ago)," Mohamed told The Hacker News.

German Nuclear Power Plant in Bavaria Infected with Malware

A German nuclear power plant has been found to be infected with several computer viruses that can steal login credentials, allowing a remote attacker to access the infected computers.

The viruses, identified as "W32.Ramnit" and "Conficker", were discovered on office computers and in a computer system used to control the movement of radioactive fuel rods, the station's operator said on Tuesday.

However, the infections appear not to have posed any threat to the nuclear facility's operations because the viruses could not activate, thanks to the computers that are made isolated from the Internet.

Former Tor Developer Created Malware for FBI to Hack Tor Users

Do you know who created malware for the FBI that allowed Feds to unmask Tor users?

It's an insider's job… A former Tor Project developer.

According to an investigation, Matthew J. Edman, a cyber security expert and former employee of the Tor Project, helped the FBI with Cornhusker a.k.a Torsploit malware to hack Tor users in several high-profile cases, including Operation Torpedo and Silk Road.

The Malware exploited vulnerabilities in Adobe Flash Player to reveal Tor users' actual IP address to an FBI servers outside the Tor network.

Child Porn Suspect Held in Jail for 7 Months On Refusing to Decrypt Hard Drives

A Philadelphia man has been in jail for seven months and counting after being refused to comply with a court order forcing him to decrypt two password-protected hard drives seized in connection with a child pornography investigation.

The suspect, Francis Rawls, who is a former Philadelphia Police Department sergeant, has yet not been charged with any child pornography crime because the required evidence is locked in his hard drives using Apple's FileVault encryption software.

Rawls failed to comply with the court order, as the passwords he entered in the initial days of the investigation didn't decrypt his hard drives, and was then taken into indefinite imprisonment by US Marshals on Sept. 30, 2015.

Hacking Group Hijacks Windows Hotpatching to Hide its Malware

The Microsoft’s Windows Defender Advanced Threat Hunting team detected that a cyber espionage group of hackers, known as PLATINUM, has found a way to turn the Windows's Hotpatching technique to hide its malware from Antivirus products.

The Hotpatching feature allows system to upgrade applications or the operating system in the running system without having to reboot the computer by inserting the new, updated code into a server.

PLATINUM group has been active since 2009 and launching large-scale attacks against governmental organizations, intelligence agencies, defense institutes and telecommunication providers in South and Southeast Asia.

The terrorist groups affiliated with the Islamic State have an extensive presence not only on social media accounts but also on the popular end-to-end encrypted messaging appTelegram through which they communicate with their followers and spread terror propaganda materials.

Telegram has always been terrorist's favorite, but ISIS had been using the app since October, when Telegram introduced an end-to-end encrypted Secret Chat feature that lets users broadcast messages to an unlimited number of subscribers.

Moreover, Telegram also provides self-destructing message feature that allows users to set their messages to self-destruct itself after a certain period of time.

"We were disturbed to learn that Telegram's public channels were being used by ISIS to spread their propaganda," Telegram writes. "As a result, this week alone we blocked 78 ISIS-related channels across 12 languages."

In the wake of the horrific Paris terrorist attacks, the Telegram creators said they are carefully reviewing all user-submitted reports sent to them and are taking appropriate action to block such channels that are used to spread terror-related contents.

Islamic State (ISIS) — Terror Has gone Social

Just after Anonymous declared war against ISIS, the militants started encouraging its members and followers to use Telegram secure instant messaging app, so that they can effectively make their conversations invisible from Government spies.

No doubt, ISIS is leveraging the power of Social media to spread its message around the globe and deleting just 78 ISIS-affiliated Telegram Channels and 5,500 Twitter accounts won't stop them.

According to our analyses, there are still more than 100 other ISIS Telegram channels and thousands of Twitter and Facebook accounts affiliated with ISIS and each followed by thousands of Jihadists.

How to Report ISIS-related Abusive and Illegal Activities

So, if you come across any terror-related messages and want to contribute to preventing the terrorists from spreading their roots via social media platform, you can file your reports to the respective social media.

In spite of all the things smartphones can do, messaging remains one of the most popular activities. Popular messaging apps like WhatsApp, Viber, WeChat support text messages, voice calls, photo & video sharing features, but there is no provision for sharing every file types on these amazing messengers.

But, some or the other day, we all got struck into an awkward situation where we have to share PDF, apk or zip files with our friends while chatting.

However using any other 3rd-party file sharing services, we can share image, video, audio, zip files or any other file type with our friends, but it would be a lengthy process and sometimes require to use computer.

Gone are the days when you relied on your computer to get all of your work done. Telegram Messenger, the most popular and ultra secure messaging application, is now offering file sharing feature that allows its users to share large files and documents (up to 1.5GB) securely.

Telegram is a messaging app that offers end-to-end encryption and also offers a 'Secret Chat' feature, that self-destruct messages after the conversation. The notable thing about Telegram Messenger is that it is free and an open source project, which means that the source code of the project is freely available.

"A huge advantage of Telegram over any other tool is sharing large documents," the company wrote on its blog post Sunday. "You can send files up to 1.5 GB using Telegram and access them from any of your devices. Perfect for everything from studying to sharing personal archives."

This means that now any file we receive in Telegram Messenger can be sent to email or any other apps just by opening the file in the app and tapping on the Share button. Moreover, Android users would be given a 'Share' option in the file's context menu that will help them to share large files with their friends.

This is rather a very handy feature that many Telegram Messenger users might find useful, since most email providers limit the size of files attachment to 25MB. Also, interesting since none of the competitive service — WhatsApp, Viber, Line allow the transfer of non-media files only.

Telegram Messenger is offering, what the company calls, Bonus for iOS users. As the app is now supported in the iOS 8 sharing menu that could be open while users are viewing any document on their iOS devices.

In addition to sharing large files, the new Telegram Messenger update offers Mute Notifications, where users can temporarily mute notifications from particular contacts and groups for 1 hour, 8 hours or 2 days; and Multisearch, where users can get instant results for particular contacts, chats, groups, usernames or messages.

Cryptocat developer's Peerio secure messaging app also offers file sharing, but the app is not widely used by people, as it is available only for Windows, Mac OS X and Chrome, but not for Android and iOS platform. Android and iOS version of apps are in the progress and will be available soon.

Peerio is an "encrypted productivity suite" designed to offer much more usable alternative to PGP email and file encryption, so that every individual user and business can encrypt everything from Instant Messages to online file storage.

Mobile messaging apps often used to deliver sensitive data or used for personal and corporate communications, so the data stored by the service provider should be encrypted end-to-end, which is not yet in the case of WhatsApp.

There are many mobile messaging applications like Japan-based Line, China’s WeChat, Korea-based KakaoTalk, and Canada’s Kik, India-based Hike and many more, but they are not end-to-end encrypted messengers.

Time is loudly announcing the need to shift to some alternates which provides end-to-end encryption for communication between two devices and respect your Privacy. There are a number of solutions available includes - Telegram, Surespot, Threema, TextSecure, RedPhone etc.

1.) Telegram offers end-to-end encryption and have a 'Secret Chat' feature, that self-destruct messages after the conversation. The company is offering $200,000 Prize in Bitcoin to the first person to crack its Encryption.

"We support two layers of secure encryption (server-client and client-client). Our encryption is based on 256-bit symmetric AES encryption, RSA 2048 encryption and Diffie–Hellman secure key exchange." Company states on their website.

Regular and Secret chats are encrypted, but during Secret chat no data stored on the company server.

There are a couple of more advantages Telegram brings which really are interesting. Telegram is free and an open source project, which means that the source code of the project is freely available, and according to their official website, 'Telegram has an open API and protocol free for everyone'.

2.) Surespotallows you to send and receive text messages, pictures and audio clip with end-to-end encryption. It uses 256 bit AES-GCM encryption using keys created with 521 bit ECDH which can only be decrypted by sender and receiver.

Unlike WhatsApp, if you delete a message, it's deleted from the recipient's phone, too. Surespot supports multiple identities on a single device. Download Surespot for Android and iOS.

3.) Threemais not free, but a perfect alternate for WhatsApp, use end-to-end encryption and gives you all features of WhatsApp like text messaging, image sharing, and voice chat as well.

You can also sync your contact list automatically and manually. German users have started a shift to Threemaafter Facebook's acquisition and the app have become top paid app on the app store in Germany. Download Threema for iOS and Android.

4.) TextSecure and 5.) RedPhone also provides end-to-end encryption for messaging and voice calls respectively. RedPhone allows you to upgrade a normal call to secure call whenever it senses the possibility to fulfil the requirements.

TextSecure encrypts the messages stored locally, making your information hard to leak even if you lost your device. Download TextSecure for Android and Download RedPhone for Android.

So, if you are also now planning to switch, get any of above best suitable mobile messaging application for you.

THN Deals Store this week brings you the Cybersecurity Certification Mega Bundle, which will walk you through the skills and concepts you need to master three elite cybersecurity certification exams: CISA, CISM, and CISSP [...]

Good news, we bring an amazing deal of this month for our readers, where you can get hacking courses for as little as you want to pay and if you beat the average price you will receive the fully upgraded hacking bundle!